Details of VAR-202002-1208

ID

VAR-202002-1208

CVE

CVE-2020-6768

TITLE

plural Bosch Product path traversal vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-001869

DESCRIPTION

A path traversal vulnerability in the Bosch Video Management System (BVMS) NoTouch deployment allows an unauthenticated remote attacker to read arbitrary files from the Central Server. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch BVMS Viewer versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch DIVAR IP 3000, DIVAR IP 7000 and DIVAR IP all-in-one 5000 if a vulnerable BVMS version is installed. plural Bosch The product contains a past traversal vulnerability.Information may be obtained. Bosch DIVAR IP 3000 is a 3000 series video recorder of Germany Bosch. Bosch DIVAR IP 3000 has a path traversal vulnerability

Trust: 2.16

sources: NVD: CVE-2020-6768 // JVNDB: JVNDB-2020-001869 // CNVD: CNVD-2020-04548

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-04548

AFFECTED PRODUCTS

vendor:	bosch	model:	video management system viewer	scope:	gte	version:	8.0	Trust: 1.0
vendor:	bosch	model:	video management system viewer	scope:	lte	version:	8.0.329	Trust: 1.0
vendor:	bosch	model:	video management system	scope:	lte	version:	9.0.0.827	Trust: 1.0
vendor:	bosch	model:	video management system	scope:	gte	version:	9.0	Trust: 1.0
vendor:	bosch	model:	video management system	scope:	lte	version:	8.0.0.329	Trust: 1.0
vendor:	bosch	model:	video management system viewer	scope:	lte	version:	9.0.0.827	Trust: 1.0
vendor:	bosch	model:	video management system viewer	scope:	gte	version:	9.0	Trust: 1.0
vendor:	bosch	model:	video management system	scope:	lte	version:	7.5	Trust: 1.0
vendor:	bosch	model:	video management system	scope:	gte	version:	10.0	Trust: 1.0
vendor:	bosch	model:	video management system	scope:	lte	version:	10.0.0.1225	Trust: 1.0
vendor:	bosch	model:	video management system viewer	scope:	lte	version:	10.0.0.1225	Trust: 1.0
vendor:	bosch	model:	video management system viewer	scope:	gte	version:	10.0	Trust: 1.0
vendor:	bosch	model:	video management system	scope:	gte	version:	8.0	Trust: 1.0
vendor:	bosch	model:	video management system viewer	scope:	lte	version:	7.5	Trust: 1.0
vendor:	robert bosch	model:	bvms viewer	scope:	eq	version:	10.0 から 10.0.0.1225	Trust: 0.8
vendor:	robert bosch	model:	bvms viewer	scope:	eq	version:	7.5	Trust: 0.8
vendor:	robert bosch	model:	bvms viewer	scope:	eq	version:	8.0 から 8.0.0.329	Trust: 0.8
vendor:	robert bosch	model:	bvms viewer	scope:	eq	version:	9.0 から 9.0.0.827	Trust: 0.8
vendor:	robert bosch	model:	video management system	scope:	eq	version:	10.0 から 10.0.0.1225	Trust: 0.8
vendor:	robert bosch	model:	video management system	scope:	eq	version:	7.5	Trust: 0.8
vendor:	robert bosch	model:	video management system	scope:	eq	version:	8.0 から 8.0.0.329	Trust: 0.8
vendor:	robert bosch	model:	video management system	scope:	eq	version:	9.0 から 9.0.0.827	Trust: 0.8
vendor:	bosch	model:	divar ip	scope:	eq	version:	3000	Trust: 0.6
vendor:	bosch	model:	divar ip 3000	scope:	eq	version:	-	Trust: 0.6
vendor:	bosch	model:	divar ip all-in-one 5000	scope:	eq	version:	-	Trust: 0.6
vendor:	bosch	model:	divar ip 7000	scope:	eq	version:	-	Trust: 0.6

sources: CNVD: CNVD-2020-04548 // JVNDB: JVNDB-2020-001869 // CNNVD: CNNVD-202002-234 // NVD: CVE-2020-6768

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-6768
value:	HIGH
Trust: 1.0
psirt@bosch.com:	CVE-2020-6768
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-001869
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-04548
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202002-234
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-6768
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-001869
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-04548
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-6768
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
psirt@bosch.com:	CVE-2020-6768
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	4.0
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-001869
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-04548 // JVNDB: JVNDB-2020-001869 // CNNVD: CNNVD-202002-234 // NVD: CVE-2020-6768 // NVD: CVE-2020-6768

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.8

sources: JVNDB: JVNDB-2020-001869 // NVD: CVE-2020-6768

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202002-234

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202002-234

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-001869

PATCH

title:	BOSCH-SA-815013-BT	url:	https://psirt.bosch.com/security-advisories/bosch-sa-815013-bt.html	Trust: 0.8
title:	Patch for Bosch DIVAR IP 3000 Path Traversal Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/199903	Trust: 0.6
title:	Multiple Bosch Product path traversal vulnerability fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110469	Trust: 0.6

sources: CNVD: CNVD-2020-04548 // JVNDB: JVNDB-2020-001869 // CNNVD: CNNVD-202002-234

EXTERNAL IDS

db:	NVD	id:	CVE-2020-6768	Trust: 3.0
db:	JVNDB	id:	JVNDB-2020-001869	Trust: 0.8
db:	CNVD	id:	CNVD-2020-04548	Trust: 0.6
db:	CNNVD	id:	CNNVD-202002-234	Trust: 0.6

sources: CNVD: CNVD-2020-04548 // JVNDB: JVNDB-2020-001869 // CNNVD: CNNVD-202002-234 // NVD: CVE-2020-6768

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2020-6768	Trust: 2.0
url:	https://psirt.bosch.com/security-advisories/bosch-sa-815013-bt.html	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6768	Trust: 0.8

sources: CNVD: CNVD-2020-04548 // JVNDB: JVNDB-2020-001869 // CNNVD: CNNVD-202002-234 // NVD: CVE-2020-6768

SOURCES

db:	CNVD	id:	CNVD-2020-04548
db:	JVNDB	id:	JVNDB-2020-001869
db:	CNNVD	id:	CNNVD-202002-234
db:	NVD	id:	CVE-2020-6768

LAST UPDATE DATE

2024-11-23T22:11:37.569000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-04548	date:	2020-02-11T00:00:00
db:	JVNDB	id:	JVNDB-2020-001869	date:	2020-02-28T00:00:00
db:	CNNVD	id:	CNNVD-202002-234	date:	2020-03-02T00:00:00
db:	NVD	id:	CVE-2020-6768	date:	2024-11-21T05:36:09.660

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-04548	date:	2020-02-11T00:00:00
db:	JVNDB	id:	JVNDB-2020-001869	date:	2020-02-28T00:00:00
db:	CNNVD	id:	CNNVD-202002-234	date:	2020-02-07T00:00:00
db:	NVD	id:	CVE-2020-6768	date:	2020-02-07T21:15:10.653